The U.S. Department of Justice (DoJ) announced the indictment of four members of the notorious cybercrime group FIN9, accused of orchestrating a series of computer intrusions causing over $71 million in losses to U.S. companies.
The indictment names Vietnamese nationals Ta Van Tai, alias “Quynh Hoa” or “Bich Thuy”; Nguyen Viet Quoc, alias “Tien Nguyen”; Nguyen Trang Xuyen; and Nguyen Van Truong, alias “Chung Nguyen”. These individuals are charged with executing sophisticated cyberattacks from May 2018 to October 2021, targeting multiple companies across the United States.
U.S. Attorney Philip R. Sellinger emphasized the severity and complexity of FIN9's operations, stating, “The FIN9 defendants were prolific international hackers who, for years, allegedly used phishing campaigns, supply chain attacks, and other hacking methods to steal millions from their victims. They did all of this while hiding behind keyboards, VPNs, and fake identities, and even then, the Department of Justice found them.”
The indictment details how FIN9 employed various tactics to infiltrate corporate networks, including:
- Phishing campaigns: Emails and communications designed to deceive recipients into revealing sensitive information.
- Supply chain attacks: Targeting the networks of third-party vendors crucial to the supply chains of their primary targets.
Once inside the networks, the defendants allegedly stole non-public information, employee benefits, and funds. For instance, they accessed employee benefit programs to redirect digital rewards, such as gift cards, to accounts they controlled. They also stole personally identifiable information and credit card data to open accounts at cryptocurrency exchanges and hosting services under false identities.
The extensive operations of FIN9 included hacking into a cloud hosting company in Florida, a cloud storage service in California, a peer-to-peer cryptocurrency platform in Delaware, a package forwarding service in Oregon, a video game retailer in Texas, among others.
The four defendants face multiple charges, including:
- Conspiracy to Commit Fraud, Extortion, and Related Activity in Connection with Computers: Up to five years in prison.
- Conspiracy to Commit Wire Fraud: Up to 20 years in prison.
- Intentional Damage to a Protected Computer: Up to 10 years per count.
- Conspiracy to Commit Money Laundering: Up to 20 years in prison for Tai, Xuyen, and Truong.
- Aggravated Identity Theft: Two years of mandatory consecutive prison time for Tai and Quoc.
- Conspiracy to Commit Identity Fraud: Up to 15 years in prison.
GrimResource: New Exploit in Microsoft Management Console
Leave a Reply